Terminating HTTPS on EC2 Instances Running
Python

For Python container types using Apache HTTP Server with the Web Server Gateway Interface
(WSGI), you use a configuration file to enable the Apache
HTTP Server to use HTTPS.

Add the following snippet to your configuration file,
replacing the certificate and private key material as instructed, and save it in your
source
bundle's .ebextensions directory. The configuration file performs the
following tasks:

Creates the private key file on the instance. Replace private key
contents with the contents of the private key used to create the
certificate request or self-signed certificate.

The container_commands key stops the httpd service after everything has
been configured so that the service uses the new https.conf file and
certificate.

If your application is not named application.py, replace the
highlighted text in the value for WSGIScriptAlias with the local path to your
application. For example, a django application's may be at
django/wsgi.py. The location should match the value of the
WSGIPath option that you set for your environment.

Avoid committing a configuration file that contains your
private key to source control. After you have tested the configuration and confirmed
that it
works, store your private key in Amazon S3 and modify the configuration to download
it during
deployment. For instructions, see Storing Private Keys Securely in Amazon S3.

In a single instance environment, you must also modify the
instance's security group to allow traffic on port 443. The following configuration
file
retrieves the security group's ID using an AWS CloudFormation function and adds a rule to it.